Itx8071-task2

Allikas: Kursused
Redaktsioon seisuga 29. oktoober 2023, kell 14:58 kasutajalt Risto (arutelu | kaastöö)
Mine navigeerimisribale Mine otsikasti

This homework assignment requires the knowledge from Modules 6 and 7.

Create SEC rules that accomplish the following event correlation task:

1) the rules must process netfilter firewall syslog events about blocked packets sent to local TCP and UDP ports. For example, the following two events represent accesses to local ports 23/tcp and 25/tcp which were blocked by the local firewall:

Oct 25 01:13:02 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=20049 DF PROTO=TCP SPT=44963 DPT=23 WINDOW=49640 RES=0x00 SYN URGP=0 Oct 25 01:13:08 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.104 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=36362 DF PROTO=TCP SPT=56918 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0